Chapter 21. Using ASP.NET Membership

In the previous chapter, you learned how to use the Login controls to create an entire user registration system. This chapter looks under the covers and examines the security frameworks on which the Login controls are built.

The ASP.NET Framework includes four frameworks related to security:

• ASP.NET Authentication Enables you to identify users.

• ASP.NET Authorization Enables you to authorize users to request particular resources.

• ASP.NET Membership Enables you to represent users and modify their properties.

• Role Manager Enables you to represent user roles and modify their properties.

In this chapter, you learn how to configure authentication, authorization, ASP.NET Membership, and the Role Manager. You learn how to enable Forms authentication and configure advanced Forms authentication features such as cookieless authentication and cross-application authentication.

You learn how to configure authorization to control access to resources. We explore several advanced features of authorization. For example, you learn how to password-protect images and ASP classic pages.

You also learn how to configure different Membership providers, create custom Membership providers, and work with the properties and methods of the Membership class. For example, you learn how to build a custom XmlMembershipProvider that stores membership information in an XML file.

Finally, we examine the Role Manager. You learn how to create user roles and add and remove users from a particular role. You also learn how to configure the different Role providers included in the ASP.NET Framework.